RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

Users prompted to provide additional security info when accessing Microsoft 365
Published Date : 31 May 2018   Last Updated : 20 Sep 2022   Content Ref: TEC6276129  





Symptoms

When signing in to an RM Unify federated Microsoft® 365™ domain, either via the Microsoft® portal (https://login.microsoftonline.com/), or by clicking a Microsoft 365 tile from the RM Unify Launch Pad, you see two additional Microsoft messages:

  1. "Additional info required. Your administrator requires you to add additional security info to help you recover your account [Next]".
Image showing the message

  1. "don't lose access to your account!
    To make sure you can reset your password, we need to collect some info so we can verify who you are. We won't use this to spam you - just to keep your account more secure. You'll need to set up at least 2 of the options below.
     
    Authentication Phone is not configured. Set it up now
     
    Security Questions are not configured. Set them up now".
Image showing the message


Cause

These additional screens appear to end users when the self-service password reset functionality has been enabled within Azure Active Directory in your Microsoft 365 tenancy. This is a tenancy level setting and will apply to all domains in your tenancy, both federated domains and unfederated domains.



Requirements

For RM Unify federated Microsoft 365 domains, it is not possible for users to use the Microsoft self-service password reset functionality (SSPR). RM Unify handles user authentication for Microsoft 365 and utilises its own password recovery functionality.

If you wish to disable SSPR on all domains in your tenancy, please follow procedure 1 below. If you wish to leave SSPR enabled for some or all users on unfederated domains, please follow procedure 2 below.



Procedure

1. To disable the self-service password reset functionality for the entire tenancy

To disable the password reset functionality, which is redundant if you have Microsoft 365 federated to RM Unify, please perform the following:

  1. Log on to Microsoft 365 as a global administrator and navigate to the 'Microsoft 365 admin center'.
  2. From the left-hand side, under Settings, select Org settings.
  3. In the right-hand side pane, under 'Security & privacy', click the 'Self-service password reset' link
  4. In the 'Azure Active Directory admin center' window, on the left-hand side, select Users, 'Password reset'.
  5. Change the 'Self service password reset enabled' option to None.
  6. Click Save.
  7. Note the information box advising that this setting only applies to end users. M365 admins are always enabled for self-service password reset.

2. To enable the self-service password reset functionality for only selected users in your tenancy

Use this procedure to allow self-service password reset functionality for only the unfederated users in your Microsoft 365 tenancy:

  1. Log on as a global admin and access the 'Microsoft 365 admin center'.
  2. From 'Teams & groups', create a security group called SSPR Enabled.
  3. From Users, bulk select the users you want to add to the security group.
    Note: You may find using the filter feature helpful in returning multiple users from a specific domain.
  4. From the toolbar, click the three dots and select 'Manage groups'.
  5. In 'Group memberships', type SSPR Enabled.
  6. Tick the group and click 'Save changes'.
  7. Navigate to the 'Password reset properties' page in Azure Active Directory.
  8. Click Selected, then search for and select the SSPR Enabled group created above.
  9. Click 'Save changes'.


FEEDBACK
Did the information in this article help answer your question?
 Yes
 No
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


If this article has not helped provide a solution then it is also possible to log a call...



Document Keywords: o365, signin, sign-in, prompt, authentication, window, recovery, m365, TEC6276129


Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


Top Of PageTop of page